Per the referenced bug, $NOVA_CPU_CONF was previously being initialized
by copying $NOVA_CONF, thereby trashing any values already configured in
$NOVA_CPU_CONF.
With this commit, we merge the values from $NOVA_CPU_CONF in after the
copy.
Note that this makes use of the merge_config_file function, which is
defined in inc/meta-config, which wasn't being sourced from every code
path that hit start_nova_compute; so this commit also moves that import
from stack.sh to functions (next to the other imports from inc/, which
makes sense anyway).
Change-Id: Id3e2baa2221e13f512f8dcf1248e1e15b6a7597f
Closes-Bug: #1802143
Currently, the console server host and listen address on the compute
host is always being set to localhost. This works fine in a single
node all-in-one deployment, but will not work properly when
nova-compute is running on a separate host in a multi-node deployment.
This sets the console server host and listen address on the compute
host to the nova host IP and service listen address instead of the
localhost.
Co-Authored-By: Matt Riedemann <mriedem.os@gmail.com>
Closes-Bug: #1669468
Change-Id: Id8b0b4159b98c7ff3c85ec3daa03d556d9897ce9
This patch adds new options:
* CACHE_BACKEND - with default "dogpile.cache.memcached"
* MEMCACHE_SERVERS - with default "localhost:1121"
to add possibility to configure various backends as cache in
Nova and Keystone.
It also adds options:
* KEYSTONE_ENABLE_CACHE - True by default
* NOVA_ENABLE_CACHE - True by default
To make possibility to enable and disable cache in those projects'
config files.
Default values configured there are the same as before were
hardcoded for Keystone config.
Nova has also enabled this cache by default.
Change-Id: I9082be077b59acd3a39910fa64e29147cb5c2dd7
Closes-Bug: #1836642
'devstack' job set the VNC listen addresses 'VNCSERVER_LISTEN' and
'VNCSERVER_PROXYCLIENT_ADDRESS' IPv4 which makes 'devstack-ipv6' job
to either unset those or set for IPv6 values.
Let's remove the setting of those in base job and let lib/nova
set based on configured ip version from job.
'devstack-ipv6' base job will be used to define the IPv6-only jobs
on Tempest and project side gate.
Change-Id: Iea469128b15298aee61245e702d20603c8d376fb
Story: #2005477
Task: #35923
This adds a variable to control the [DEFAULT]/shutdown_timeout
config in nova to control whether or not a guest should have
a graceful shutdown of the OS or if it should just stop
immediately (no timeout). Since devstack uses CirrOS images
by default, the default value for the NOVA_SHUTDOWN_TIMEOUT
variable is 0 which should speed up tempest runs. The default
in nova.conf [1] is 60 seconds.
[1] https://docs.openstack.org/nova/latest/configuration/config.html#DEFAULT.shutdown_timeout
Change-Id: Ida83f70a1c4e61e5248f2bd42b4c24f7ac6d2310
Related-Bug: #1829896
In change I8934d0b9392f2976347391c8a650ad260f337762, we began
configuring console proxy ports for multiple cells in the nova
controller config files to avoid "Address already in use" errors from
port collisions when running multiple cells on a single host.
This correspondingly configures the console proxy ports in the nova
compute config file based on what cell we're in, according to the
NOVA_CPU_CELL variable.
The base_url config for serial console is also added where the default
was previously used. The url is taken from the config option default in
the nova code: nova/conf/serial_console.py [1].
[1] https://github.com/openstack/nova/blob/8f00b5d/nova/conf/serial_console.py#L54
Change-Id: Id885fc5a769bce8111f1052a1b55d26be817c890
Closes-Bug: #1830417
This is no longer being used due to Keystone PKI tokens no longer
being implemented.
In order to not break backward compatibility we create a new function
that is to be used instead and deprecate the old one. Modify the old
function to ignore the 3rd argument and display a deprecation warning.
Adjust callers to no longer create and set that directory, calling the
new function instead.
Change-Id: Id0dec1ba72467cce5cacfcfdb2bc0af2bd3a3610
Since Ic0a03e89903bf925638fa26cca3dac7db710dca3 RetryFilter has been
deprecated. So we should not enable the RetryFilter on our tests.
Change-Id: I48c2c4d0714f582af8948dc88b48df1c2c62fcd2
Nova change https://review.opendev.org/603079/ changed the
default configuration to send only unversioned notfications rather
than both versioned and unversioned notifications. This could break
unsuspecting downstream projects (like Watcher) whose CI jobs are
not explicitly configuring nova for the types of notifications
they need but are just relying on getting both per the previous
default of the config option.
This adds a variable which defaults to "unversioned" to match the
nova default but allows downstream CI jobs to easily configure
another value.
Needed by https://review.opendev.org/663332/
Change-Id: Ied9d50b07c368d5c2be658c744f340a8d1ee41e0
Change I188fc2cd1b26fe7a71804f7e7d66b111d6f15e30 in nova stopped us
respecting this when generating the network templates injected into
instances on boot. With the removal of nova-network, there is no longer
any other reason to set this.
Change-Id: I925b7c6c23133cd5a835960f4507c979f615d78e
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
In change I2ce8ff3d7c33a402b8af50182ec01f512859c388, we duplicated the
'default_floating_pool' option, found in the '[DEFAULT]' group, to the
'[neutron]' group. This allowed us to continue with our deprecation
plans for the former option, which should be retired along with
nova-network.
Update the nova lib module so it'll set the new option, we can safely
assume to be the correct one now that we've removed support for cells v1
and nova-network.
Change-Id: If9a02b640e6c2e1300c7b11b7552ba13c1496d79
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Remove nova cells v1 support, which also allows/necessitates removing
support for nova networks (which was only supported with cells v1) and
nova-consoleauth (which was required by cells v1 but is unnecessary
otherwise).
The Depends-On isn't really necessary, but it's here to make sure this
doesn't merge until we _really_ have killed cells v1.
I honestly expected this patch would be bigger.
Change-Id: I90316208d1af42c1659d3bee386f95e38aaf2c56
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Depends-On: Ib0e0b708c46e4330e51f8f8fdfbb02d45aaf0f44
swift3 is no longer actively maintained in the upstream.
That has been moved to Swift repository as s3api so we should
use s3api middleware instead. As well as swift3, s3token is
also maintained in Swift upstream.
Change-Id: I4582d81da066ab53e6f11ad1df7af91425f2b0ca
Tempest's scheduler_available_filters has a special 'all' value that
is understood to mean 'all filters are enabled' by various tempest
tests. However, what it really means is 'the default nova filters are
enabled.' In an effort to help clean that up, this patch explicitly
sets scheduler_available_filters to nova's $FILTERS. Because $FILTERS
is now used in both lib/nova and lib/tempest, it is renamed
$NOVA_FILTERS.
Change-Id: I6ffc1e9989cd61d666f9c1db9c94fbabd7151918
Related-bug: 1628443
We're able to run multiple cells in devstack by setting the variable
NOVA_NUM_CELLS in the devstack local.conf. Since we run console
proxies per cell, we will start two console proxies if
NOVA_NUM_CELLS=2. However, we've not been configuring the console
proxy ports in the nova_cellN.conf files, so an attempt to start
more than one will result in a port conflict and failure to start
the subsequent console proxy services with error:
ERROR nova error: [Errno 98] Address already in use
This adds configuration of the console proxy ports based on an offset
while looping across NOVA_NUM_CELLS. The base port values are taken
from the config option defaults in the nova code: nova/conf/vnc.py,
nova/conf/spice.py, and nova/conf/serial_console.py.
Closes-Bug: #1822873
Change-Id: I8934d0b9392f2976347391c8a650ad260f337762
OpenSSL 1.0.2 generates key files with default permissions: 644 and the
files are copied to the /etc/pki/* directories with sudo.
When the default CI node Ubuntu version was changed from Xenial =>
Bionic we changed from OpenSSL 1.0.2 => 1.1.0. And OpenSSL 1.1.0
generates key files with default permissions: 600. When we copy the key
file to /etc/pki/* using sudo, it becomes owned by root and then the
console-related users are unable to read it.
This sets the ownership of the /etc/pki/<console> files to the
user:group intended to read them.
Closes-Bug: #1819794
Change-Id: I437a46c875cf633272e8cad0811e5557f2ac3641
This introduces a breaking change in the URLs used to access the console
[1]. This is updated in both the documentation and linked nova change.
[1] https://github.com/novnc/noVNC/commit/83391ffc
Change-Id: I14a0be0034f4a76ab37eb90325967500c3bf1ff9
Depends-On: I9a50a111ff4911f4364a1b24d646095c72af3d2c
Related-bug: #1682020
It seems nova has changed defaults on who can create zero-sized disk
instances [1] and now some devstack jobs, like nodepool's, can't
create cirros images using this flavor. It seems the easiest thing to
do is just to bump it up.
[1] https://review.openstack.org/#/c/603910/
Change-Id: I1172d4775d608568ccbeb27e2975d83add892ea9
Recently iscsid was disabled by default on Ubuntu 18.04 (bionic),
and it may be on Xenial too, see:
https://bugs.launchpad.net/ubuntu/+source/open-iscsi/+bug/1755858
On a local Bionic deployment with Python 3, the lack of iscsid makes
nova-compute fail with an exception when trying to attach a volume:
Invalid input received: Connector doesn't have required information: initiator
Asking for the service to be started even if it is already running should not
hurt, so remove the check for the distribution.
This does not seem to be an issue on CentOS 7 (but Python 2) where
the socket activation of iscsid seems to work, so maybe there is
another way to make this working. Also, the service could be
enabled, not just started.
Change-Id: Ifa995dcf8eb930e959f54e96af6f5fce3eac28ae
Change I4820abe57a023050dd8d067c77e26028801ff288 removed access
to the database for the nova-compute process but only in
superconductor mode. Grenade runs in singleconductor mode though
so we are getting tracebacks in nova-compute logs during grenade
runs because nova-compute is running with nova.conf which is
configured with access to the nova API database.
This change handles removing database access for nova-compute
generically to cover both the singleconductor and superconductor
cases.
Change-Id: I81301eeecc7669a169deeb1e2c5d298a595aab94
Closes-Bug: #1812398
This change addresses a few inconsistencies in how nova processes
are configured to speak to the placement service.
The initial inspiration was that region_name was not being set in the
[placement] section, despite $REGION_NAME being used when setting
the endpoint in the catalog. That's fixed.
While fixing that two other issues became clear:
* Configuring nova process to use placement should happen in lib/nova
not lib/placement so the function has been moved.
* auth_strategy is not relevant in the [placement] section of a
nova process
The name of the function is maintained, in case there are plugins which
call it, but a comment is added to indicate that other services besides
nova compute (such as the cell conductor) may use the function.
Change-Id: I4a46b6460596e9a445bd90de2d52dbb71fb963df
Apparently we're inheriting some database config from the main file,
which should not be set for nova-compute. If we're properly in superconductor
mode where we have a dedicated config for compute, remove those lines
if present.
Closes-Bug: #1797413
Change-Id: I4820abe57a023050dd8d067c77e26028801ff288
Given that Natty and other releases that don't use cgroups have been out
of support in Ubuntu for years now, it's high time we removed the
special case code block that sets up the cgroup mount.
Change-Id: I5403a4b1b64a95236b4dfcb66c35c594a3460cca
Change 12579c3db7b28381c8ec97945aa23ee02d54d22b moved console-related
settings from the global nova.conf to the per cell nova_cellN.conf
because of a recent change in nova that moved console token
authorizations from the nova-consoleauth service backend to the
database backend and thus changed the deployment layout requirements
from global console proxies to per cell console proxies.
The change erroneously also removed console configuration settings from
the nova-compute config file nova-cpu.conf because the nova-cpu.conf
begins as a copy of the global nova.conf.
This adds configuration of console proxies to the nova-cpu.conf in the
start_nova_compute routine. The settings have also been split up to
clarify which settings are used by the console proxy and which settings
are used by nova-compute.
Closes-Bug: #1770143
Change-Id: I2a98795674183e2c05c29e15a3a3bad1a22c0891
Change 969239029d4a13956747e6e0b850d6c6ab4035f0 completed the
conversion of console token authorization storage from the
nova-consoleauth service to the database backend. With this change,
console proxies need to be configured on a per cell basis instead
of globally.
There was a devstack change 6645cf7a26428f3af1e4739ac29c6a90b67f99dc
following it that re-enabled the novnc tempest tests, but the nova-next
job that runs the console proxies with TLS is *not* part of the normal
set of jobs that run on devstack changes (it's in the experimental
queue), so it was able to merge without the nova-next job passing.
This configures the nova console proxies in the per cell configuration
file if cells v2 is configured for multiple cells in order to pass the
nova-next job.
Closes-Bug: #1769286
Change-Id: Ic4fff4c59eda43dd1bc6e7b645b513b46b57c235
Along with converting to the database backend for console token auth,
the console proxies need to run per cell instead of globally. This way,
the instance UUID isn't needed in the access url as users will be
handed an access url local to the cell their instances is in. With
console proxies sharded across cells, a large cloud will no longer have
a bottleneck of one console proxy for the entire deployment.
This also disables the novnc tempest tests with a TODO to re-enable
them once the nova patch series that converts from the nova-consoleauth
backend -> cell database backend lands.
Change-Id: I67894a31b887a93de26f3d2d8a1fa84be5b9ea89
In Tumbleweed genisoimage was dropped in favor of cdrtools,
so installing that no longer works. We can however install
mkisofs directly and switch to that as that is also available
in Leap 42.3 and Leap 15.0+ family distros.
Also drop dependency on libmysqlclient-devel which appears
unnecessary (and is no longer available with mariadb 10.2+)
Change-Id: Ie8402204b6cdf94c21865caba116d3fd1298c5ad
Fix a few path issues where we didn't properly use NOVA_BIN_DIR /
SWIFT_BIN_DIR.
This is part of the effort to start using a virtualenv for openstack
services.
Change-Id: I6eb383db65cc902c67c43e5cb1a16a9716a914b2
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
When nova-manage db sync runs on cell1 in superconductor
mode, the [api_database]/connection config option isn't
set in the config file on purpose so the cell can't
reach the API database.
As a result, the db sync on the cell config can't hit
the API DB to sync cell0, which is not something we need
here anyway, but it results in an error message.
This tells the cell config db sync to just run it on the
cell database and not try to sync cell0.
Change-Id: Iac092762decd6de9e90e264f2998d255e8e40d00